The New York Times' on Thursday sparked calls for congressional action by publishing the first article in its "One Nation, Tracked" series, an investigation into smartphone tracking based on a data set with over 50 billion location pings from the devices of more than 12 million people in the United States.
The data, from 2016 and 2017, "was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so," explained reporters Stuart A. Thompson and Charlie Warzel. "The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers."
Readers and fellow journalists quickly turned to social media to draw attention to the reporting. Laura Rosenberger, director of the Alliance for Securing Democracy, tweeted: "This is the most important article you should read today. Period."
Aaron Zitner of the Wall Street Journal concurred, writing on Twitter: "This is surely the most consequential piece of journalism published today, and its presentation is the highest form of storytelling. Think of what an authoritarian state is already doing with this technology."
The new report—the first of seven pieces set to be published this week by the Times Opinion Section's "Privacy Project"—features visualizations of the data from Central Park, Grand Central Terminal, and the New York Stock Exchange in New York City; Beverly Hills; downtown San Francisco; Mar-a-Lago, President Donald Trump's resort in Florida; the White House; and the Pentagon.
When we first started working with the data, we wanted to see if any sensitive sites were included. I zoomed into the Pentagon and saw this.
Our jaws hit the floor.
— Stuart A. Thompson (@stuartathompson) December 19, 2019
"The data reviewed by Times Opinion didn't come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps," explained Thompson and Warzel.
The reporters added that "you've probably never heard of most of the companies—and yet to anyone who has access to this data, your life is an open book. They can see the places you go every moment of the day, whom you meet with or spend the night with, where you pray, whether you visit a methadone clinic, a psychiatrist's office or a massage parlor."
But Thompson and Warzel weren't just "shaken" by what they found when delving into what data location companies can see—they also highlighted that this behavior is only governed by the companies' internal policies and the moral compasses of employees. As the article detailed: "Today, it's perfectly legal to collect and sell all this information. In the United States, as in most of the world, no federal law limits what has become a vast and lucrative trade in human tracking."
The reporters described the data collected from smartphones as "a diary of your every movement."
The companies that collect all this information on your movements justify their business on the basis of three claims: People consent to be tracked, the data is anonymous, and the data is secure.
None of those claims hold up, based on the file we've obtained and our review of company practices.
Yes, the location data contains billions of data points with no identifiable information like names or email addresses. But it's child's play to connect real names to the dots that appear on the maps.
To demonstrate how easy it is to figure out who someone is based on their smartphone data, Thompson and Warzel included some examples.
"We spotted a senior official at the Department of Defense walking through the Women's March, beginning on the National Mall and moving past the Smithsonian National Museum of American History that afternoon," they reported. "His wife was also on the mall that day, something we discovered after tracking him to his home in Virginia. Her phone was also beaming out location data, along with the phones of several neighbors."
"The official's data trail also led to a high school, homes of friends, a visit to Joint Base Andrews, workdays spent in the Pentagon and a ceremony at Joint Base Myer-Henderson Hall with President Barack Obama in 2017 (nearly a dozen more phones were tracked there, too)," the piece continued. The reporters even spoke with some of the individuals they were able to identify, such as Ben Broili, a manager for the drone delivery service Amazon Prime Air, and Mary Millben, a Virginia-based singer who has performed for three presidents.
"To know that you have a list of places I have been, and my phone is connected to that, that's scary," Millben told the Times. "What's the business of a company benefiting off of knowing where I am? That seems a little dangerous to me."
— Privacy Project (@PrivacyProject) December 19, 2019
The ACLU responded to the Times report with a call to action directed at Congress, tweeting: "This investigation exposes the disastrous implications of living in a society where companies are allowed to turn our cell phones into always-on tracking devices with zero legal limitations or oversight. Action from lawmakers is already years overdue."
"We need strong laws that prevent apps from collecting unnecessary but sensitive location data and feeding it into surveillance databases," the group added. "Laws should also provide transparency into how companies are using and selling data, and allow individuals to sue privacy-violating companies."
There have been some sweeping digital privacy proposals introduced in Congress recently, but in the absence of any established nationwide rules, "states are starting to respond with their own laws," the Times reported. "The California Consumer Protection Act goes into effect next year and adds new protections for residents there, like allowing them to ask companies to delete their data or prevent its sale. But aside from a few new requirements, the law could leave the industry largely unencumbered."
Although the Times article was widely lauded for contributing to national awareness about issues and debates related to personal data in the digital era, it also was met with some criticism from privacy rights experts and advocates.
In a lengthy Twitter thread, Lindsey Barrett, a staff attorney and teaching fellow at Georgetown University Law Center's Institute for Public Representation, called the report "revealing and important" while also criticizing it for framing "surreptitious and functionally unavoidable surveillance as an individual failing rather than the intentional project of corporations and their enablers."
in 2020 we’re ditching this red herring of a nonsense term, tell your friends pic.twitter.com/V3v8MWLuXD
— Lindsey Barrett (@LAM_Barrett) December 19, 2019
"Framing is everything," Barrett added. "Relying on the premise of 'people choose to be tracked so our project has to be talking them out of it, not arguing that the surveillers need more accountability' gives tech lobbyists who make those self-serving arguments credibility they don't deserve."